Crazyness on my computer


Solved Crazyness on my computer

Post by dreamer2772 on 22nd November 2008, 11:53 pm

I keep getting ads popping up and I am not even on the internet. I performed HijackThis and here is the log... if anyone can help I would REALLY appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:00, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\default\Desktop\Computer stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

dreamer2772
Novice

Posts : 21
Joined : 2008-11-22
OS : windows xp
Points : 29370
Likes : 0

Solved Re: Crazyness on my computer

Post by Belahzur on 22nd November 2008, 11:54 pm

Is that the full log?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
Likes : 1

Solved Re: Crazyness on my computer

Post by dreamer2772 on 22nd November 2008, 11:59 pm

No, I didn't realize I didn't get everything... I am reposting it now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:00, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\default\Desktop\Computer stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nse9B.dll (file missing)
O2 - BHO: (no name) - {ae8e67e5-4ed3-4755-b517-160bee931b53} - C:\WINDOWS\system32\zinudemi.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: offersfortoday browser enhancer - {FD20102C-9B12-6381-AE27-F8B13C87E964} - C:\WINDOWS\system32\gqagtocixonqkv.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sawcuglfut] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gqagtocixonqkv.dll"
O4 - HKLM\..\Run: [CPMc3975f1d] Rundll32.exe "c:\windows\system32\pujosove.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [wiropividu] Rundll32.exe "C:\WINDOWS\system32\movokume.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wiropividu] Rundll32.exe "C:\WINDOWS\system32\movokume.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\WINDOWS\system32\zunekehe.dll c:\windows\system32\pujosove.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pujosove.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pujosove.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10964 bytes


Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:00 am

I am also getting DLL errors when restarting my computer; it is movokume.dll and pujosove.dll... it has me sooooo frustrated.

Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:01 am

Don't worry, we'll kill it all off.


  • Download ComboFix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts.

NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    It's strongly recommended to have the Recovery Console installed before doing any malware removal.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:14 am

It is taking a while to prepare the log report... while it was doing that, though, I still got the bleeping noise in the background that I usually get when those stupid ads pop up.

Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:16 am

It's fine.
ComboFix can take a while to run on a badly infected machine.
Let it run and it will be done soon.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:17 am

OMG, if this is fixing it I am going to cry for reals. I stayed up ALL night last night trying to figure this out... you are a life saver <3

Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:19 am

Awww, you shouldn't let malware do that to you.
Once we get the first log, everything will be okay, I can see where the infection files are.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:20 am

What about those 2 DLLs that pop up when I restart... those are bad, right?

Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:21 am

Meh, not "bad" per se, just extremely annoying.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:24 am

Will this take care of those too? Here is the ComboFix log as well...

ComboFix 08-11-22.02 - default 2008-11-22 19:06:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.371 [GMT -5:00]
Running from: c:\documents and settings\default\Desktop\Computer stuff\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\default\Application Data\FunWebProducts
c:\documents and settings\default\Application Data\urlredir.cfg
c:\documents and settings\default\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\program files\Adssite Games Collection
c:\program files\Adssite Games Collection\BattlesOfHelicopters.exe
c:\program files\Adssite Games Collection\BobAndBill.exe
c:\program files\Adssite Games Collection\CrazyBlocks.exe
c:\program files\Adssite Games Collection\Lines.exe
c:\program files\Adssite Games Collection\uninstall.exe
c:\program files\Adssite Games Collection\VideoPool.exe
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\2E4D86DE.urr
c:\program files\FunWebProducts\Shared\0069736C.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\INSTALL.LOG
c:\program files\webhancer
c:\program files\webhancer\Programs\sporder.dll
c:\windows\system32\adssite-remove.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gorumiba.dll
c:\windows\system32\ledanozo.dll
c:\windows\system32\odevuwod.ini
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rightonadz-uninst.exe
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_MyWebSearchService
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-22 18:09 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 18:09 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 18:09 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 18:09 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-22 18:09 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 18:09 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-22 18:09 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-22 18:09 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 18:09 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 18:09 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 16:15 . 2008-11-22 10:33 90,164 --------- c:\windows\system32\trz2.tmp
2008-11-22 16:15 . 2008-08-22 10:28 62,464 --------- c:\windows\system32\trz5.tmp
2008-11-22 16:15 . 2008-08-22 10:28 62,464 --------- c:\windows\system32\trz4.tmp
2008-11-22 16:14 . 2008-08-22 10:28 62,464 --------- c:\windows\system32\trz1.tmp
2008-11-21 02:18 . 2008-11-21 02:19 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 02:17 . 2008-11-21 02:17 d-------- c:\program files\QuickTime
2008-11-19 22:02 . 2008-11-22 18:10 3,682 --a------ c:\windows\system32\tmp.reg
2008-11-19 17:15 . 2008-11-19 17:16 47,897 --a------ c:\windows\system32\kzelalwxtndwwdp.exe
2008-11-18 19:54 . 2008-11-22 06:41 d-------- c:\program files\Alex Gordon
2008-11-17 14:34 . 2008-11-17 14:34 d-------- c:\documents and settings\default\Application Data\PlayFirst
2008-11-17 14:34 . 2008-11-17 14:34 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-15 07:20 . 2008-11-15 07:20 d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-14 02:44 . 2008-11-14 02:44 296,448 --a------ c:\windows\system32\gqagtocixonqkv.dll
2008-11-13 18:41 . 2008-11-13 18:41 d-------- c:\documents and settings\default\Application Data\funkitron
2008-11-13 17:54 . 2008-11-13 18:41 d-------- c:\documents and settings\default\Application Data\BloodTies
2008-11-13 15:13 . 2008-11-13 15:13 d-------- c:\documents and settings\default\Application Data\iWin
2008-11-13 15:13 . 2008-11-13 15:13 d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-11-13 02:04 . 2008-11-13 02:04 d-------- c:\documents and settings\default\Application Data\EA
2008-11-13 02:04 . 2008-11-13 02:04 d-------- c:\documents and settings\All Users\Application Data\EA
2008-11-12 23:22 . 2008-11-12 23:24 d-------- c:\program files\Loader
2008-11-12 18:32 . 2008-11-12 18:32 d-------- c:\documents and settings\default\Application Data\Meridian93
2008-11-12 13:26 . 2008-11-13 17:48 d-------- c:\program files\DragonEye
2008-11-12 13:19 . 2008-11-17 14:31 d-------- c:\program files\Pogo To Go
2008-11-12 04:10 . 2008-11-17 14:33 d-------- c:\program files\ToGo Game
2008-11-12 03:59 . 2008-11-12 03:59 d-------- c:\documents and settings\default\Saved Games
2008-11-12 03:59 . 2008-11-12 03:59 d-------- c:\documents and settings\default\Application Data\Flood Light Games
2008-11-12 03:59 . 2008-11-12 03:59 d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-12 03:54 . 2008-11-12 03:54 d-------- c:\program files\ReflexiveArcade
2008-11-12 03:54 . 2008-11-12 03:58 d-------- c:\program files\Dr Lynch Grave Secrets
2008-11-11 17:07 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:07 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 19:07 . 2008-11-08 19:25 d-------- c:\windows\BDOSCAN8
2008-11-04 15:11 . 2008-11-04 15:11 d-------- c:\program files\DIFX
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-10-30 19:12 . 2008-10-30 19:12 d-------- c:\program files\Sun
2008-10-30 18:48 . 2008-10-30 18:48 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 01:02 . 2008-10-30 01:02 d--hs---- c:\documents and settings\default\PrivacIE
2008-10-30 00:55 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-10-23 16:10 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll


Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:24 am

Log continued...

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 02:41 --------- d-----w c:\program files\ICQ
2008-11-21 07:19 --------- d-----w c:\program files\iTunes
2008-11-21 07:18 --------- d-----w c:\program files\iPod
2008-11-21 07:18 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 07:10 --------- d-----w c:\program files\Safari
2008-11-17 19:34 --------- d-----w c:\documents and settings\default\Application Data\Pogo Games
2008-10-31 00:05 --------- d-----w c:\documents and settings\default\Application Data\uTorrent
2008-10-30 23:48 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-22 17:09 --------- d-----w c:\program files\Alwil Software
2008-10-22 17:07 --------- d-----w c:\documents and settings\default\Application Data\FrostWire
2008-10-21 19:12 --------- d-----w c:\program files\AML Products
2008-10-21 19:09 --------- d-----w c:\program files\The Cleaner Free
2008-10-21 18:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-21 18:33 --------- d-----w c:\program files\CleanMyPC
2008-10-05 09:09 --------- d-----w c:\program files\Tri Peaks 2-Quest For The Ruby Ring
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-25 21:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-25 21:23 --------- d-----w c:\program files\Avanquest update
2008-09-25 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-09-25 21:22 --------- d-----w c:\program files\Sony Ericsson
2008-09-25 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-08-27 05:22 30,976 ----a-w c:\windows\rascntrl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD20102C-9B12-6381-AE27-F8B13C87E964}]
2008-11-14 02:44 296448 --a------ c:\windows\system32\gqagtocixonqkv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"sawcuglfut"="c:\windows\system32\gqagtocixonqkv.dll" [2008-11-14 296448]
"wiropividu"="c:\windows\system32\yihazuso.dll" [2008-08-22 62464]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\zunekehe.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^default^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2003-10-14 11:36 38984 c:\progra~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 2005-11-01 03:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2006-04-07 16:45 53248 c:\windows\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-02-05 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-02-05 17920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-22 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-22 20560]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-02-05 808448]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-09-25 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-09-25 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-09-25 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-09-25 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-09-25 100648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-15 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{ae8e67e5-4ed3-4755-b517-160bee931b53} - c:\windows\system32\zinudemi.dll
HKLM-Run-CPMc3975f1d - c:\windows\system32\pujosove.dll
HKLM-Run-SKE - (no file)
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-22 19:10:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\regsvr32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-11-22 19:21:23 - machine was rebooted [default]
ComboFix-quarantined-files.txt 2008-11-23 00:19:59

Pre-Run: 190,923,358,208 bytes free
Post-Run: 191,088,312,320 bytes free

262 --- E O F --- 2008-11-12 08:02:54

dreamer2772
Novice
Novice

Posts Posts : 21
Joined Joined : 2008-11-22
OS OS : windows xp
Points Points : 29370
# Likes # Likes : 0


Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:27 am

ss about 2 posts but it said original was too big Sad tearing man that scares me .... Afraid


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:30 am

I have edited a little, please use the new script.
Yay, let's get rid of the last bits of the infections.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\trz2.tmp
c:\windows\system32\trz5.tmp
c:\windows\system32\trz4.tmp
c:\windows\system32\trz1.tmp
c:\windows\system32\kzelalwxtndwwdp.exe
c:\windows\system32\gqagtocixonqkv.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD20102C-9B12-6381-AE27-F8B13C87E964}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sawcuglfut"=-
"wiropividu"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"="scecli"

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1
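
The entries that the CFScript above removes can be picked out of the ComboFix registry section mechanically. The following is an added example, not part of the original thread and not ComboFix's own logic; the names `triage`, `Finding` and `SAMPLE_LOG` and both heuristics (a Run value that points at a DLL, an LSA notification package given as a path) are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ComboFix registry section, built
# from entries that appear in the logs posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"sawcuglfut"="c:\windows\system32\gqagtocixonqkv.dll" [2008-11-14 296448]
"wiropividu"="c:\windows\system32\yihazuso.dll" [2008-08-22 62464]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\zunekehe.dll
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                        # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
LSA_RE = re.compile(r'^Notification Packages\s+REG_\w+\s+(?P<data>.+)$')


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the entry was listed under (lower-cased)
    name: str     # value name
    data: str     # the suspicious target
    reason: str   # which heuristic fired


def triage(log_text):
    """Return entries worth a closer look. These are triage hints, not verdicts."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()

        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue

        # Heuristic 1 (assumption): autostart values normally name an
        # executable; a bare DLL under a Run key deserves a second look.
        m = VALUE_RE.match(line)
        if m and key.endswith(r"\currentversion\run"):
            data = m.group("data")
            if data.lower().endswith(".dll"):
                findings.append(Finding(key, m.group("name"), data,
                                        "Run value points at a DLL"))
            continue

        # Heuristic 2 (assumption): LSA notification packages are listed as
        # bare names such as scecli; a full path stands out. Splitting on
        # whitespace is enough for this log layout but would break on paths
        # that contain spaces.
        m = LSA_RE.match(line)
        if m and key.endswith(r"\control\lsa"):
            for pkg in m.group("data").split():
                if "\\" in pkg or ":" in pkg:
                    findings.append(Finding(key, "Notification Packages", pkg,
                                            "LSA package given as a path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.name} -> {f.data}")
```

Run against the second log in the thread, where the Run key no longer lists the two DLLs and Notification Packages is back to `scecli`, the same function returns nothing.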


Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:43 am

when rebooting i got an error message.........for acord said memory could not be read...is this normal?


Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:44 am

i would have a better detailed message on it but it shut down too quick Sad tearing


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:47 am

Can you do the CFScript in safe mode?
Don't really know why that error happened, but it might not happen again if we're lucky.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:48 am

sure but it is generating the log now do u want me to stop it?


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:49 am

No, let it generate.
The mistake can be fixed another way.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:51 am

ok so here is the log.....

ComboFix 08-11-22.02 - default 2008-11-22 19:37:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.68 [GMT -5:00]
Running from: c:\documents and settings\default\Desktop\Computer stuff\ComboFix.exe
Command switches used :: c:\documents and settings\default\Desktop\Computer stuff\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\gqagtocixonqkv.dll
c:\windows\system32\kzelalwxtndwwdp.exe
c:\windows\system32\trz1.tmp
c:\windows\system32\trz2.tmp
c:\windows\system32\trz4.tmp
c:\windows\system32\trz5.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a.exe
c:\windows\system32\gqagtocixonqkv.dll
c:\windows\system32\kzelalwxtndwwdp.exe
c:\windows\system32\lodayija.dll
c:\windows\system32\trz1.tmp
c:\windows\system32\trz2.tmp
c:\windows\system32\trz4.tmp
c:\windows\system32\trz5.tmp
c:\windows\system32\yihazuso.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-22 18:09 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 18:09 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 18:09 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 18:09 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-22 18:09 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 18:09 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-22 18:09 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-22 18:09 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 18:09 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 18:09 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-21 02:18 . 2008-11-21 02:19 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 02:17 . 2008-11-21 02:17 d-------- c:\program files\QuickTime
2008-11-19 22:02 . 2008-11-22 18:10 3,682 --a------ c:\windows\system32\tmp.reg
2008-11-18 19:54 . 2008-11-22 06:41 d-------- c:\program files\Alex Gordon
2008-11-17 14:34 . 2008-11-17 14:34 d-------- c:\documents and settings\default\Application Data\PlayFirst
2008-11-17 14:34 . 2008-11-17 14:34 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-15 07:20 . 2008-11-15 07:20 d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-13 18:41 . 2008-11-13 18:41 d-------- c:\documents and settings\default\Application Data\funkitron
2008-11-13 17:54 . 2008-11-13 18:41 d-------- c:\documents and settings\default\Application Data\BloodTies
2008-11-13 15:13 . 2008-11-13 15:13 d-------- c:\documents and settings\default\Application Data\iWin
2008-11-13 15:13 . 2008-11-13 15:13 d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-11-13 02:04 . 2008-11-13 02:04 d-------- c:\documents and settings\default\Application Data\EA
2008-11-13 02:04 . 2008-11-13 02:04 d-------- c:\documents and settings\All Users\Application Data\EA
2008-11-12 23:22 . 2008-11-12 23:24 d-------- c:\program files\Loader
2008-11-12 18:32 . 2008-11-12 18:32 d-------- c:\documents and settings\default\Application Data\Meridian93
2008-11-12 13:26 . 2008-11-13 17:48 d-------- c:\program files\DragonEye
2008-11-12 13:19 . 2008-11-17 14:31 d-------- c:\program files\Pogo To Go
2008-11-12 04:10 . 2008-11-17 14:33 d-------- c:\program files\ToGo Game
2008-11-12 03:59 . 2008-11-12 03:59 d-------- c:\documents and settings\default\Saved Games
2008-11-12 03:59 . 2008-11-12 03:59 d-------- c:\documents and settings\default\Application Data\Flood Light Games
2008-11-12 03:59 . 2008-11-12 03:59 d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-12 03:54 . 2008-11-12 03:54 d-------- c:\program files\ReflexiveArcade
2008-11-12 03:54 . 2008-11-12 03:58 d-------- c:\program files\Dr Lynch Grave Secrets
2008-11-11 17:07 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:07 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 19:07 . 2008-11-08 19:25 d-------- c:\windows\BDOSCAN8
2008-11-04 15:11 . 2008-11-04 15:11 d-------- c:\program files\DIFX
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-10-30 19:12 . 2008-10-30 19:12 d-------- c:\program files\Sun
2008-10-30 18:48 . 2008-10-30 18:48 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 01:02 . 2008-10-30 01:02 d--hs---- c:\documents and settings\default\PrivacIE
2008-10-30 00:55 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-10-23 16:10 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 02:41 --------- d-----w c:\program files\ICQ
2008-11-21 07:19 --------- d-----w c:\program files\iTunes
2008-11-21 07:18 --------- d-----w c:\program files\iPod
2008-11-21 07:18 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 07:10 --------- d-----w c:\program files\Safari
2008-11-17 19:34 --------- d-----w c:\documents and settings\default\Application Data\Pogo Games
2008-10-31 00:05 --------- d-----w c:\documents and settings\default\Application Data\uTorrent
2008-10-30 23:48 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-22 17:09 --------- d-----w c:\program files\Alwil Software
2008-10-22 17:07 --------- d-----w c:\documents and settings\default\Application Data\FrostWire
2008-10-21 19:12 --------- d-----w c:\program files\AML Products
2008-10-21 19:09 --------- d-----w c:\program files\The Cleaner Free
2008-10-21 18:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-21 18:33 --------- d-----w c:\program files\CleanMyPC
2008-10-05 09:09 --------- d-----w c:\program files\Tri Peaks 2-Quest For The Ruby Ring
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-25 21:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-25 21:23 --------- d-----w c:\program files\Avanquest update
2008-09-25 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-09-25 21:22 --------- d-----w c:\program files\Sony Ericsson
2008-09-25 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-08-27 05:22 30,976 ----a-w c:\windows\rascntrl.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-23 00:14:41 62,464 --sha-w c:\windows\system32\fusigoka.dll
+ 2008-11-23 00:44:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4cc.dat
+ 2008-11-23 00:44:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_558.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.


Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:52 am

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_SZ scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^default^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2003-10-14 11:36 38984 c:\progra~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 2005-11-01 03:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2006-04-07 16:45 53248 c:\windows\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-02-05 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-02-05 17920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-22 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-22 20560]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-02-05 808448]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-09-25 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-09-25 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-09-25 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-09-25 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-09-25 100648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-15 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-sawcuglfut - c:\windows\system32\gqagtocixonqkv.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-22 19:44:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-11-22 19:50:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-23 00:48:43
ComboFix2.txt 2008-11-23 00:21:24

Pre-Run: 191,060,209,664 bytes free
Post-Run: 191,060,652,032 bytes free

219 --- E O F --- 2008-11-12 08:02:54


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:53 am

Haha, CF removed it regardless of my mistake.
Log looks good, how is the machine now?



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:54 am

seems good........if i have any more problems i will let ya know........thank you soooooooooooooo much Thank You! Thank You! Thank You!


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 12:55 am

Everything looks great. Smile
Please delete this folder:
C:\Qoobox

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck. Big Grin



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 12:58 am

my avast antivirus is not loading on startup now....or at least showing in the taskbar...why is that?


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 1:04 am

I see avast still haven't sorted this issue.
What happened was CF removed it from startup so it doesn't stop CF from running when it launches again at startup. After the CF run, CF will replace it so avast starts up again, but avast gets in the way and thinks CF is trying to do something other than good and stops it.
Annoying I know, but we can fix it.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 1:12 am

still not there Sad tearing


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 1:16 am

It wants double backslashes. :whistle:


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 1:24 am

nope still nothing on restart Sad tearing lol i am a pain in the behind i know...ss about this Let me think


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 1:26 am

Darn.
Re-download the installer for avast!, uninstall it and re-install it. Smile

WAIT.

Re-run the reg script (the double backslash one) in safe mode.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 1:35 am

ok ran in safe mode and that didn't work, now should i try the uninstall reinstall?


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 1:39 am

Yeah, try that.



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 1:56 am

ok it is running its initial scan.........this may take awhile i will let ya know if that fixes it ty soo much again....hopefully i wont have anymore problems to bug ya with


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 2:02 am

I don't think it will find anything, CF log came back clean.
It will probably find infected restore points. But as long as you don't use system restore, there's no problem. I have to head off now, so if it finds infected restore points, use these instructions.

Your System Restore Points are infected and need to be cleaned
To clean them, Please do the following

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

It will likely find CF's quarantine folder, so delete this folder too.
C:\Qoobox



Solved Re: Crazyness on my computer

Post by dreamer2772 on 23rd November 2008, 2:06 am

ok thank you again sooo much for all your help u r a geekpolice GOD!!!!


Solved Re: Crazyness on my computer

Post by Belahzur on 23rd November 2008, 2:07 am

Haha. I do what I can.



Solved Re: Crazyness on my computer

Post by Doctor Inferno on 1st December 2008, 2:15 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

